Blog

The New Faces of Phishing (Part II)

Phishing has evolved… and so has the AntiPhishing Working Group

Phishing affects everyone, from consumers and enterprises to governments and regulated financial services. The threat has never been greater and is worsened by the increased selective targeting of victims or organizations that have large sums of money or high-value intellectual property.

To contend with this new threat landscape, APWG members need more and better intelligence. APWG toolkits have evolved to meet this need. The APWG eCrime eXchange (eCX) now supports on-demand phishing data insertion and retrieval: this significantly improves an e-crime investigator’s access to fresh data. Additionally, the APWG now collects and shares more than just standard phishing indicators; specifically, APWG now provides data associated with cryptocurrency identifiers and malicious IP Addresses. As phishing continues its evolution the APWG will continue to expand the kinds of data collected by the APWG and its members.

APWG members also need reliable situational intelligence and security awareness. Through the eCrime conference, the APWG continues to raise awareness to the issues that arise with evolutions to phishing and their targets. The academic and industry research tracks of the conference give the opportunity for security researchers and practitioners to share new techniques to address challenges related to phishing as well as provide insights into real world case studies. The conference program exposes attendees to unique case studies, data or trend analyses, and most importantly, opportunities to network with some of the operational security community’s finest practitioners.

APWG members must also keep pace with global policies and regulations that affect cyber investigations. Crimes involving social engineering or phishing attacks necessarily oblige investigators to sift through large amounts of data. Increasingly, some of this data may be deemed personal or sensitive in one or more international jurisdictions. The APWG membership provides subject matter expertise and consultation to legislators who are responsible for defining privacy or data protection laws or regulations: this knowledge-sharing is necessary to ensure that the regulators make informed policy or regulatory decisions. APWG will continue to work with members and international governance bodies to define appropriate safeguards for collecting and sharing e-crime indicators among its members and other e-crime fighters. Most recently, the APWG has worked to make our data collection and sharing activities consistent with EU 2016/679 (GDPR), EU 2016/680, the APEC Privacy Framework, and requisite national regulations so e-crime fighters get access to the best data as soon as possible.

Closing remarks

As phishing – and e-crime in general -has evolved the crime fighters need to evolve, too. The APWG consults regularly with its members, other organizations, and international authorities and bodies to ensure that as phishing evolves e-crime fighters are prepared, too.